A USERNAME and password combination has long been the standard security mechanism for online accounts. But that method just isn’t cutting it anymore.
Huge data breaches, in which hackers gain access to personal information, have risen sharply in the last few years. And consumers have named identity theft their No. 1 online concern for 14 consecutive years, according to the Federal Trade Commission.
Sometimes, our existing security infrastructure can’t protect us, like when our personal data is stored in vulnerable databases. But all too often, we’re our own worst enemy. Our own weak passwords make it all too easy for hackers to guess them; we use the same passwords for multiple sites, offering thieves a sort of skeleton key. And even when we’re told about data breaches, we don’t always respond by changing passwords or any other behaviours.
The reality is, passwords don’t look to be leaving us anytime soon. Still, there are some new and interesting tools to help make our password-protected world a little safer. Many of the most ambitious and promising technologies are coming in the realm of biometrics—that is, using some physical part of yourself like your voice, fingerprint, facial recognition or an iris scan.
Biometric security systems have long been promised. Those promises have started to become reality in recent years and really became mainstream with the introduction of a fingerprint reader in iPhones last year. Now, people with the latest iPhones can unlock their phones, authorise purchases from iTunes and other apps and even pay at some stores by just touching their finger to their phone. The phone reads the person’s fingerprint and approves the payment.
“It used to be a fingerprint sensor had to connect with a USB cable and you’d pay hundreds of dollars,” said Hector Hoyos, the chief executive of Hoyos Labs, a biometric security start-up. “Now it’s on your iPhone.” This month, Hoyos’s company will release 1U, an app that uses facial recognition to log people into various accounts. The app starts at $30 a year; the price can go up depending on how many websites and devices you connect to it.
The app doesn’t replace passwords entirely. To use it, you must first log into each online service, like your bank or email account or Facebook, while in the app. When you want to log into one of those services in the future, you visit the site through the app and have 1U scan your face with your phone’s camera. If the scan is successful, the app logs you in as though you had typed in your password.
Because you don’t need to remember your passwords when using the app, you can set a unique and sophisticated password for each service in the first place. In addition, the app allows you to set various levels of security for different accounts. You can choose to have the app scan your face quickly for one account, for example, and do a “liveness” test, which will force you to move your eyes and smile before you can log in, for another account.
The app can connect with your computer, too, so when you want to log in to sites there, you can glance at your phone for a facial scan instead of entering your password. The phone sends an encrypted message to the computer authorising the login. The experience isn’t perfect: For one thing, you have to go to the sites through the 1U app instead of the apps or the browser you usually use. And looking at your phone to log into a website on your computer is clunky.
In the future, Hoyos hopes that companies will stop using passwords altogether, eliminating the risk of having login credentials stored on external servers. Other companies are following a similar path: Making biometric add-ons that work with existing password systems while trying to persuade companies to make a wholesale change.
EyeLock, a start-up in New York, just released Myris, a USB-connected iris scanner that costs $280. The iris is one of the most unique human identifiers, as no two are alike. Anthony Antolino, the chief marketing officer for EyeLock, said the company was working with companies like Bank of America and had already incorporated its iris scanning technology into some of its buildings.
As for the Myris device, it’s essentially an extremely high-tech password manager. Like the 1U app, it doesn’t replace your passwords, it just replaces the need to enter them when you’re logging in to a site or to your computer.
Unlike 1U, though, the Myris software can create new, secure passwords for you and save them so you don’t have to remember them. And it can import saved passwords from programs like LastPass.
If these two new products don’t excite you, rest assured that biometrics are almost surely headed your way soon. Brett Beranek, the director of product strategy for voice biometrics at Nuance Communications, which makes voice-recognition software and technologies, said most consumers would begin to encounter some kind of biometric systems in the next few years.
New York Times